Smart Card Personalization in a Multistation Environment 



Related Applications 

This application is a continuation under 37 C.F.R. 1.53(b) of U.S. Patent 
5 Application Serial No. 09/798,455, filed March 2, 2001, which is a continuation under 
37 C.F.R. 1.53(b) of U.S. Patent Application Serial No. 09/076,022, filed May 11, 1998 
(U.S. Patent No. 6,196,459), which appUcations are incorporated herein by reference. 

Field of the Invention 

10 The present invention relates generally to data storage devices and more 

specifically to the control of smart card personalization in a multistation environment. 

Background of the Invention 

Increasing numbers of organizations which issue transaction cards to their users, 
15 customers, or employees require cards tailored to meet the requirements of their 

particular service or application. These organizations also want the cards to contain 
data about the cardholder. Existing transaction cards encode such data in a magnetic 
stripe on the back of the card but the amount of data that can be held by a magnetic 
stripe is limited. A new type of transaction card embeds a microprocessor computer 
20 chip in the plastic of the card to greatly increase the card's data storage capacity. 

Additionally, sophisticated card apphcations specific to the card issuer can execute in 
certain varieties of the chips, and the chip may also contain a type of operating system. 
Transaction cards with embedded chips are referred to in the industry as portable 
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programmed data carriers, more commonly called "smart cards." The chip in a smart 
card is generally programmed with initialization and/or personalization data at the same 
time as the surface of the card is being embossed and/or printed. 

The initialization data comprises three major types of information: application 
5 data, security data, and printed data. The appUcation data is common to all cards for a 
given card application and includes application program code and variables. The 
security data prevents fraudulent use of the card and is usually provided in the form of 
"secure keys." Printed data, such as a logo, bar codes, and various types of numerical 
information, are placed on the surface of the card. Some or all of the same data can also 

10 be embossed on the surface. Optical technology also can be employed to make part or 
all of the surface of the card into a storage medium with data accessible by an 
appropriate optical reader. 

Smart cards are also programmed with information specific to an individual 
cardholder through a process called "personalization." The personalization information 

15 for a smart card is similar to the personalization information currently contained on 

non-smart cards, such as the cardholder's name, account number, card expiration date, 
and a photograph. Because of its increased storage capacity, the chip in a smart card can 
contain additional data beyond the basic information on the standard transaction card 
including a graphical representation of the individual's signature, data defining the types 

20 of service the cardholder is entitled to, and account limits for those services. 

Current systems from performing smart card initialization and/or personalization 
include a controller or a personal computer which is connected to a personalization 
station. All of the smart card programming data required for the personalization process 



is sent from the controller or personal computer to the personalization station which 
programs the smart card. An application running on the personaUzation station controls 
the programming of the smart card. Many current personalization stations have a 
limited capacity to handle the increasingly sophisticated personalization process as the 
size and functionality of smart card computer chips increase. Such limitations include 
the memory, processing capacity, and buffer size of the personalization stations. 

In addition, personalization stations may require access to extemal resources 
which provide security services or access to card data. The extemal resources, 
particularly the security services, are expensive infrastructures to repeat for each 
personalization station. Also, communication between the personalization station and 
the extemal resource is limited by the speed of the commimication link between them. 
In addition, the apphcation development environment available on the personalization 
stations is often unique and lacking in development tools. 

Therefore, there is a need for a personahzation system which overcomes the 
limitations on memory capacity and processing flexibiUty of current personalization 
stations. There is also a need for a personahzation system which can share extemal 
resources between multiple personahzation stations. 

Summary of the Invention 

The above-identified shortcomings as well as other shortcomings are addressed 
by the present invention, which will be understood by reading and studying the 
following specification. The invention is a computerized system for controlling 
programming of portable progranmied data carriers across a plurahty of personalization 



stations. The system includes a personalization server interface for acquiring services 
from one of more resources, transferring card information to one of the personaUzation 
stations and controlling the programming of the portable programmed data carrier. The 
system also includes a personalization station interface for receiving the card 
information from the personalization server interface and for programming the portable 
programmed data carrier. 

The invention also described is a method of controlling programming of portable 
programmed data carriers in a system having a plurality of programming stations. The 
method includes receiving one or more card objects from a card issuer management 
system. The card objects consist of information for programming the portable 
programmed data carriers. The method also includes receiving a programming request 
from the programming station and utilizing the card object to control the programming 
station as the programming station programs the portable programmed data carrier. 

Altematively, the invention described is a computerized system which includes a 
means for receiving one or more card objects from a card issuer management system. 
The computerized system also includes a means for receiving a programming request 
from the programming station and a means for utilizing the card object to control the 
programming station as the programming station programs the portable programmed 
data carrier. 

The smart card personalization system uses a data structure comprising a data 
field representing a card object containing information for programming a portable 
programmed data carrier and an additional data field containing a unique card object 
identifier for identifying the card object. 



Therefore, the smart card personalization system of the present invention shares 
extemal resources between multiple personalization stations. Other aspects and 
advantages of the invention will become apparent by reference to the drawings and by 
reading the following detailed description. 

Brief Description of the Drawings 

Figure 1 is a block diagram representing an embodiment of a smart card issuing 
process that incorporates a smart card personalization server of the 
present invention. 

Figure 2 is a functional block diagram of input and output connections for the 
embodiment of the smart personalization server of shown in Figure 1. 

Figure 3 is a block diagram showing one embodiment of the smart card 
personalization software of the present invention. 

Figure 4 is a high level flow chart for one embodiment of software which 
implements the functions of the smart card personalization server. 

Description of the Embodiments 

In the following detailed description of the embodiments, reference is made to 
the accompanying drawings which form a part hereof, and in which is shown by way of 
illustration specific embodiments in which the invention may be practiced. These 
embodiments are described in sufficient detail to enable those skilled in the art to 
practice the invention, and it is to be understood that other embodiments may be utihzed 
and that structural, logical and electrical changes may be made without departing fi-om 



the spirit and scope of the present inventions. The following detailed description is, 
therefore, not to be taken in a limiting sense, and the scope of the present inventions is 
defined only by the appended claims. 

The leading digit(s) of reference numbers appearing in the Figures usually 
5 corresponds to the Figure number, with the exception that identical components which 
appear in multiple figures are identified by the same reference numbers. 

The system of the present invention utihzes a personalization server to control 
smart card personalization in an environment having a plurality of personaUzation 
stations. The personaUzation server provides an interface to a plurality of card 
10 personalization stations and to external computing or data resources which normally are 
not directly available to the card personalization stations or which are not cost efficient 
to replicate at each card personaUzation station. 

The detailed description of this invention is divided into four sections. The first 
section provides an overview of one embodiment of a system for issuing smart cards 
1 5 which incorporates a smart card personalization server of the present invention. The 
second section describes the fimctional specifications for the software components of 
the example embodiment of the smart card personalization system. The third section 
illustrates an example communication sequence between personalization station 
interface software and personalization server software for a smart card personalization 
20 process. The fourth section is a conclusion which includes a summary of the advantages 
of the present invention. 

Smart Card Personalization System Overview. Figure 1 illustrates 
components of a smart card issuing process that incorporates one embodiment of the 



smart card personalization server of the present invention. The smart card 
personaUzation server 100 receives card objects from a card issuer management system 
150. A smart card personaUzation controller 120 receives, from the card issuer 
management system 150, a card object identifier for each one of the card objects passed 
to the smart card personalization server 100. The smart card personalization controller 
120 routes each one of the card object identifiers to one of a plurality of personalization 
stations 130. Each personalization station 130 uses the card object identifier to request 
data and services from the smart card personalization server 100 in order to personalize 
a smart card 160. 

The card issuer management system 150 manages the cardholder data and 
determines the type of card to issue, the card applications to embed in the card, and what 
personalization equipment to use to issue the card for a particular cardholder. 

The smart card personaUzation server 100 is illustrated in Figure 1 as a computer 
executing personalization server software as ftirther described below. The 
personalization server software executes under an operating system such as Unix, 
Windows 95®, or Windows NT®, and on industry-standard workstation and/or personal 
computer hardware. As described below, the smart card personaUzation server 100 
provides an interface to card personaUzation stations 130 and to external computing or 
data resources 180. 

The server 100 controls card printers, embossing devices, and integrated or 
add-on smart card interface devices collectively represented in Figure 1 as a plurality of 
personaUzation stations 130. PersonaUzation stations 130 also represent such devices as 
large volume card printer/embossers, small volume card printer/embossers, automatic 



teller machines (ATMs), point of sale terminals, unattended kiosks, personal computers, 
network computers, and on-line telecommunication devices. The physical connection 
between the devices and the smart card personahzation server 100 varies according to 
the manufacturer and model of the device. Common industry standard connections 
5 include serial RS232, SCSI (Small Computer System Interface), Ethernet, and serial 
TTL (Transistor-Transistor Logic). In addition, some devices require a proprietary bus 
connection. 

The connections between the smart card personalization server 100 and the card 
management system 150 and the stations 130 can also be implemented through standard 

10 local area networks, wide area networks, dedicated phone lines, or other remote 
communication infrastructure used to transfer data. Alternate connections will be 
apparent to those skilled in the art and are within the scope of the invention. 

Figure 2 is a block diagram of one embodiment of the smart card personahzation 
system illustrating the logical input and output connections for the smart card 

15 personalization server 100. The cardholder data 202 input and maintained by the card 
issuing organization contains information about each individual cardholder, such as 
name, account number, card expiration date, and applicable services. The card issuer 
management system 150 assembles the data necessary for each card personahzation job. 
The data for each job can be stored in a card object data store, such as a database, with 

20 each card object 208 accessible by a unique card object identifier. A job can be, for 
example, a logical grouping of similar card objects. 

The card objects 208 contain, for example but not with limitation, data and 
commands for magnetic stripe encoding, embossing, printmg, packaging and smart card 



personalization. An example card object is shown below. 

Card Object 

EMB= "123456789", "Your Name", "1/1/1999" 
5 ENC=%B123456789^ Y/Name^01011999?;123456789=01011999? 

PIC=www.photos.com/Y ourName 
SCRD=this_unique_card_object_identifier 

The example card object begins with an emboss instruction "EMB" followed by the 
10 corresponding cardholder data to be embossed on the card. The second line in the 
example card object shown above is an encode instruction "ENC" followed by the 
corresponding data to be corresponding cardholder data to be encoded on the magnetic 
strip of the card. The third line in the example card object is an instruction to print a 
picture on the card "PIC" followed by the location of the cardholder's picture. The 
15 fourth line in the example card object is smart card portion of the card object "SCRD". 
The smart card portion of the card object 208 consists of the unique card object 
identifier. 

The card issuer management system 150 passes the card object 208 to the smart 
card personalization server 100. The smart card personalization server 100 expects the 
20 personaUzation data to be in a particular format. Because the card object 208 is in a 
format defined by the card issuer that often differs firom the format(s) expected by the 
server 100, the card object 208 is translated by the server 100 when necessary. One 
method of translating the card object is described in U.S. Patent Application serial 
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number 08/755,459 entitled "System and Apparatus for Smart Card Personalization", 
filed on November 22, 1996. 

The smart card personalization server 100 provides an interface to external 
security services 204 and additional data sources 206 as needed to perform a smart card 
personalization job. The software program for the smart card personalization server 100 
can be coupled to the data sources 206 through standard data query commands that 
provide access to the data stored in the data sources. The communication protocols 
between the software program for the smart card personalization server 100 and the 
external security services 204 and the data sources 206 vary depending upon the 
underlying data management system or security system employed. 

The smart card personalization server 100 also provides an interface to each one 
of a plurality of card personaUzation stations 130. The smart card personalization 
controller 120 passes a card object identifier to one of the waiting personalization 
stations 130. The personalization station 130 presents the card object identifier to the 
server 100 in order to initiate access to the data services, security services or support 
services needed to complete the smart card personalization. Upon receiving the card 
object identifier from the personalization station 130, the smart card personaUzation 
server 100 translates the card object indicated by the card object identifier. The 
translation of the card object by the smart card personalization server 100 results in a 
sequence of commands and/or data which are passed to the personalization station 130. 
The personalization station 130 passes the commands and data received from the server 
100 directly to the smart card 160. An example process demonstrating how the server 
100 controls the actual card programming is described below. 
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Personalization Software Specifications. Figure 3 is a block diagram showing 
one embodiment of the smart card personalization server 100 of Figure 2. The system 
of the present invention utilizes the personalization server 100 to control smart card 
personalization in an environment having a plurality of personalization stations 130 
5 coupled to the personalization server 100. The personalization server 100 provides an 
interface to card personalization stations 130 and to external computing or data 
resources 204, 206 as shown in Figure 2. 

An application executing on a card issuer management system 150 prepares a 
card object 303 and assigns a card object identifier to each object. Information 
10 regarding the card objects is archived in a card object database 302 until called upon by 
the personaUzation server 100 to personalize a smart card. 

The personalization environment of the present invention comprises two 
complimentary software components. The first is personalization station interface 
software 304 which executes in a processor of the personalization station 130. The 
15 second is personalization server software 305 executing in a processor in the 

personalization server 100 which processes the personaUzation card objects and utilizes 
both local and extemal resources. 

A initialization process 306 initiates a personalization job by initiating the 
personahzation server 100 and optionally sending data, such as embossing or magnetic 
20 stripe encoding data, to the personalization station 130. The personalization server 
software 305 serves multiple card personaUzation processes 308. Each card 
personalization process 308 represents a personalization job occurring at one of the 
personalization stations 130. Each card personaUzation process 308 is logically linked 

11 



to one of the personalization stations 130. 

The personahzation station interface software 304 presents the unique card 
object identifier to the personahzation server software 305 to initiate access to services 
available through the server software 305, The personalization server software 305 
5 obtains all of the necessary job information as well as the data elements to be used in 
personalization of the smart card. The personahzation station interface software 304 
performs the card personalization utihzing the services available to it through the 
personahzation server software 305 as required until personahzation is complete. At 
completion of the job, the personalization station interface software 304 is notified by 
10 the server software 305 of completion. 

The services provided by the server software 305 include data services 312, 
security services 310 and support services 3 14. The data services 312 perform the 
acquisition of data for each personalization job and include any commonly available 
means of accessing data. The data services 312 retrieve data archived in the card object 
15 data base 302 on the card issuer management system 150 as well as fi'om additional 
external data sources as shown in Figure 2. The data can be in the form of files, 
databases, or data structures for example. 

The security services 310 interface with a variety of different extemal sources 
which provide security functions. The security functions provided by the extemal 
20 sources include any commonly available means of securing information or limiting 
access to smart card chips until a required security condition is met. An example 
security function utilizes one or more "secure keys" that are programmed into the chip 
to prevent fraudulent use of the card. The appropriate secure key data is obtained by the 

12 



smart card personalization server software 305 from secure key records maintained by 
the card issuer or an extemal security source and then transferred to the personalization 
station interface software 304. The security services 310 also provide security fiinctions 
that can be used, for example, to ensure the integrity and secrecy of data during the 
5 transmission of data to and from the personahzation station 130. 

The support services 314 perform processing tasks that in prior systems were 
performed by the personalization station 130 or were unable to be performed at all due 
to the limitations of the personalization stations. The support services 314 include any 
commonly used fimctions that can be shared between processes such as data 
10 conversions and vaUdations for example. An example support service 3 14 is year 2000 
date validation processing. An additional example of a support service 314 is 
formatting a ten digit string of numbers representing a telephone number so that the area 
code is in parentheses. 

The personahzation server software 305 operates on a computer system which 
15 includes one or more high speed processors, data communications capability compatible 
with the target personalization stations, access to extemal resources such as security or 
file servers and a multitasking operating system. The smart card personahzation 
processes 308, identified as components of the personalization server software 305, 
utilize their own virtual memory and share resources as appropriate through threading or 
20 other common techniques well known to one skilled in the art. 

Li summary, the personahzation server software moves the processing tasks for 
initialization and personalization of smart cards from the personalization station to the 
personahzation server. The personalization station interface software is responsible for 
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servicing individual commands from the personalization server software. 

Personalization Software Communication Process. Figure 4 illustrates the 
communication sequence between the personalization station interface software 304 and 
the personalization server software 305 in order to complete personalization of a smart 
card. The smart card personalization process begins at stage 402 when the 
personalization station interface software 304 receives a unique card object identifier 
from the smart card personahzation controller as shown in Figure 2. At stage 404, the 
personalization station interface software 304 requests the commands and data 
necessary to personalize the card by passing the card object identifier to the server 
software 305. Upon receiving the card object identifier, the server software 305 starts a 
personalization session with the personalization station interface software 304 at stage 
406. 

Based on the card object identifier, the server software 305 retrieves and sends 
the data and commands unique to the card being personaUzed to the personalization 
station interface software 304 at stage 408. The data and commands are retrieved 
locally from the smart card personalization server or from additional extemal data 
sources as shown in Figure 2 including, for example, the card issuer management 
system 150. 

In one embodiment, the personalization station interface software 304 is idle at 
stage 410 until it receives the commands and data from the personahzation server 
software 305. Upon receiving the commands and data, the personalization station 
interface software 304 passes the commands and data directly to the smart card and 
retums data and/or status signals to the server software 305 as an acknowledgement at 
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stage 412. An example of the data returned by the personalization station interface 
software 304 is a serial number unique to the card and a random number. The data in 
such case can be used as part of a function provided by a security service such as an 
authentication algorithm. At stage 414, the server software 305 processes the status 
signals and/or data returned by the personaUzation station interface software 304. 

For example, at stage 408 the server software 305 sends a "select" command. 
The personalization station interface software 304 is idle at stage 410 until it receives 
the "select" command fi-om the server. At stage 412, the personalization station 
interface software 304 passes the "select" command on to the smart card and returns a 
status signal as an acknowledgement to the server software 305. After receiving the 
acknowledgment at stage 414, the server software 305 sends a *Svrite" command and 
associated data to the personalization station interface software 304 at stage 408. The 
personalization station interface software 304 is idle at stage 410 until it receives the 
"write" command from the server software 305. At stage 412, the personaUzation 
station passes the "select" command on to the smart card and returns a status signal as 
an acknowledgement to the server software 305. The loop from stage 408 to stage 410 
to stage 412 to stage 414 continues mtil the personalization is complete. 

Upon completion of the personalization of the smart card, the server software 
305 sends a "format complete" command to the personalization station interface 
software 304 at stage 416, The personalization station interface software 304 is idle at 
stage 418 until it receives the "format complete" command from the server software 
305. At stage 420 the personaUzation station interface software 304 sends an 
acknowledgement of the "format complete" command to the server software 305 and to 
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the smart card. The personalization process is complete at stage 422 when the server 
software 305 receives the acknowledgement. 

Conclusion. Li summary, the system of the present invention utilizes a 
personalization server to control smart card personalization in an environment having a 
plurahty of personalization stations. The personahzation server provides an interface to 
a plurality of card personalization stations and to extemal computing or data resources 
which normally are not directly available to the card personalization stations or which 
are not cost efficient to replicate at each card personalization station. The 
personahzation server off-loads the processing of tasks for initiaUzation and 
personalization of smart cards from the personalization station to the personalization 
server. The personahzation station is responsible for servicing individual commands 
from the personalization server. 

An advantage of the present invention is that the personalization server can 
support multiple active personalization station sessions. An additional advantage is that 
the programming logic required in the personalization station is reduced to that of 
managing data transfers. 

Other mechanisms for control of the smart card personahzation process will be 
apparent to those skilled in the art. It is to be understood that the above description is 
intended to be illustrative, and not restrictive. Many other embodiments will be 
apparent to those of skill in the art upon reviewing the above description. The scope of 
the invention should, therefore, be determined with reference to the appended claims, 
along with the full scope of equivalents to which such claims are entitled. 
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